<HTML>
<!-- =====================================================================

  File:      OrderListPage.htm for Adventure Works Cycles Storefront Sample
  Summary:   Self-documentation for application
  Date:	     June 16, 2003

=====================================================================

  This file is part of the Microsoft SQL Server Code Samples.
  Copyright (C) Microsoft Corporation.  All rights reserved.

This source code is intended only as a supplement to Microsoft
Development Tools and/or on-line documentation.  See these other
materials for detailed information regarding Microsoft code samples.

THIS CODE AND INFORMATION ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.

======================================================= -->
    <head>
        <title>Adventure Works Cycles Store Documentation</title>
        <link rel="stylesheet" href="style.css">
    </head>
    <BODY>
        <h1>
            OrderList.aspx Page
        </h1>
        <P>
            <strong>Description:</strong>&nbsp;The OrderList page displays a list of all 
            orders that the accessing customer has ever placed with Adventure Works Cycles.
        </P>
        <P>
            <strong>Implementation Notes:</strong>
        &nbsp;This page appears when the user clicks the "Account" button at the top of 
        any page in the Adventure Works Cycles application.&nbsp;
        <p>
            Access to the OrderList.aspx page limited to authorized users only, per the 
            configuration system.&nbsp; The OrderList page logic is encapsulated entirely 
            within its&nbsp;<strong>Page_Load</strong>&nbsp;event handler.&nbsp; This event 
            handler is called when the page is accessed by a browser client.&nbsp;
        </p>
        <p>
            <strong>Configuration Details:&nbsp;</strong>&nbsp;The OrderList.aspx page has 
            been configured to deny access to all non-authenticated customers of the 
            Adventure Works Cycles application.&nbsp; This is accomplished by adding an authorization 
            entry within the Adventure Works Cycles's <A href="Web_config.htm">Web.config</A>&nbsp;file:
        </p>
        <p>
			&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">location</font> <font color="#2040a0">path=</font><font color="#444444">&quot;OrderList.aspx&quot;</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">authorization</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">deny</font> <font color="#2040a0">users=</font><font color="#444444">&quot;?&quot;</font> <font color="#2040a0">/</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/authorization</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/location</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
        </p>
        <p>
            The above entry explicitly denies anonymous user access to the OrderList.aspx 
            URL (in the configuration entry above, the "?" stands for "anonymous 
            users").&nbsp; When a non-authenticated user attempts to access this page, the 
            built-in ASP.NET forms-based security system will automatically redirect them 
            to a configured login page.&nbsp; The Adventure Works Cycles configuration entry below 
            specifies that the Login.aspx page will be the designated login page for this 
            application:
        </p>
        <p>
			&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#008000">&lt;!-- enable Forms authentication --&gt;</font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">authentication</font> <font color="#2040a0">mode=</font><font color="#444444">&quot;Forms&quot;</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">forms</font> <font color="#2040a0">name=</font><font color="#444444">&quot;AdventureWorksStoreAuth&quot;</font> <font color="#2040a0">loginUrl=</font><font color="#444444">&quot;login.aspx&quot;</font> <font color="#2040a0">protection=</font><font color="#444444">&quot;All&quot;</font> <font color="#2040a0">path=</font><font color="#444444">&quot;/&quot;</font> <font color="#2040a0">/</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/authentication</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
			<br/>&nbsp;&nbsp;&nbsp;&nbsp;<font color="#2040a0"><strong><font color="4444FF"><strong>&lt;</strong></font><font color="#2040a0">/system.web</font><font color="4444FF"><strong>&gt;</strong></font></strong></font>
        </p>
        <p>
            Developers are free to customize the look and feel of the login page however 
            they want, and may perform whatever manner of credential validation checks 
            necessary to validate the user (in the Adventure Works Cycles application we check 
            usernames/passwords against a database).&nbsp; After the client successfully 
            identifies themselves (ie: their username and password are correct) they are 
            redirected back to OrderList.aspx and granted access to the page.&nbsp; Please 
            review the <A href="Login_aspx.htm">Login.aspx</A>
        &nbsp;page to see how this is done within Adventure Works Cycles.
        <p>
            <strong>Page_Load Event Handler:&nbsp;</strong> &nbsp;The code within the 
            Page_Load event handler utilizes the Page's User object to lookup the 
            authenticated identity of the connected customer.&nbsp; For Adventure Works Cycles the 
            authenticated identity name is the customer's unique CustomerId.&nbsp; The 
            OrderList.aspx Page_Load event handler then utilizes this CustomerId value to 
            call the GetCustomerOrders method of the OrdersDB class to obtain a summary of 
            orders the customer has placed.&nbsp; This method internally 
            uses the <A href="usp_OrdersList.htm">usp_OrdersList</A>
        &nbsp;stored procedure to fetch the product&nbsp;information from the Adventure Works Cycles 
        database.
        <P>
        The specific items within the order are then displayed using an 
        &lt;asp:DataGrid&gt; control.&nbsp; Various style properties have been set on 
        the &lt;asp:datagrid&gt; to make it look nice and presentable.&nbsp; Various 
        &lt;asp:Label&gt; server controls are also then used to output aggregate 
        information about the order (total order price, ship date, order date, etc).
        <P>
            <B>Peformance Notes:</B>
            <ul>
                <li>
                Because this page does not post back to itself -- that is, there are no buttons 
                that submit the page back to ProductsList.aspx -- we do not need to preserve 
                the values of controls on the page across requests. Consequently we disabled 
                control state management by adding a "MaintainState=false" attribute to the 
                Page directive. This reduces the size of the page and speeds page processing.
                <li>
                    Because the page does not use session state, we do not require the Session 
                    intrinsic object to be available on this page. Therefore we disabled session 
                    state management by adding a "EnableSessionState= false" attribute to the Page 
                    directive, which again speeds the page.
                </li>
            </ul>
    </BODY>
</HTML>
